Microsoft Operations Management Suite is a nice, and in some cases free, tool to manage and search through logs. But by default it is dedicated to the Windows and Linux operating systems. In many environments, especially the most secure ones, a huge amount of logs is generated by network devices. Firewalls placed on the edge between the Internet and the DMZ zone are quite often set up to log all denied connections. Those firewalls can produce a significant volume of logs that need to be searched and analyzed. Microsoft Operations Management Suite seems to be the perfect tool for that, but there is no native support for such a feature. However, we can implement it with a small workaround. Let’s look at how to add a network device to Microsoft Operations Management Suite using syslog.
Collecting and processing logs from all systems and network devices can be a nightmare for any systems admin. Searching through them and performing security audits can be a nightmare for the security team if the collector engine is not powerful enough to process queries in reasonable time. Microsoft Operations Management Suite is an interesting solution to both of those problems, and it adds much more analysis, giving administrators visibility and control across on-premises and cloud installations.
Microsoft Operations Management Suite runs in Azure, which means it is extremely fast at processing the data. Millions of records are not a problem for OMS, so we can get Insights and Analytics of what is happening on our servers or workstations, detect and respond to threats, apply proper protection, or even put some automation in place for control. It’s quick to set up, and for many users it can be free!
It’s been 7 years since I started this blog. It was 6 months after I gained my CCIE certification, and I thought it would be a good place to share some of the interesting technical stuff from projects I’ve been working on. I was then deep into the Cisco world due to the fact that the company I was working for was a Cisco Gold Partner and the majority of projects were done using Cisco products. There was a gap in posting when I had little time to focus on the blog, but in October 2016 it was back in the game, in a slightly refreshed form in terms of content.
What’s new on IT Playground?
Now it’s time for a little rebranding. As you may have noticed, the content is already not as Cisco-oriented as it used to be. I’m doing different projects now, there are different customers I’m working for, and technology moves forward as well. There is more talk about SDN, DevOps, cloud technologies, virtualization, etc. CCIE is a very important and valuable certification for me, but Cisco is not the only vendor worth focusing on.
Therefore I’m moving from ‘CCIE Playground’ to ‘IT Playground’.
I received very good feedback about the latest posts on REST API, so I’ll still try to show how to use real new technologies and fill posts with practical examples. I will focus on design considerations that will be more vendor-independent. Security aspects of solutions will be important as well.
The blog is now available at https://blog.it-playground.eu
I hope you’ll like it 🙂